background image

 

 

White Paper 

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. 

Page 5 of 12 

Additional Commands and References 

If the key is configured incorrectly, you need to remove the crypto key first and then reconfigure it. 

To remove the key, enter the following commands in order in Router Configure Mode:  

training#configure terminal 

training(config)#no crypto key pubkey-chain rsa 

training(config-pubkey-chain)#no named-key realm-cisco.pub signature 

training(config-pubkey-chain)#exit 

training(config)#exit 

 

Verify that the key is removed from the configuration using the following command at the router 

prompt: 

show run 

Configure the key again by following Steps 3.1 through 3.5. 

4 Enabling Cisco IOS IPS 

The fourth step is to configure Cisco IOS IPS using the following sequence of steps: 

Step 4.1 Create a rule name (this will be used on an interface to enable IPS) 

ip ips name <rule name>  

training#configure terminal 

training(config)# ip ips name myips 

Step 4.2 Configure IPS signature storage location; the directory name is the directory 

“ipsstore” created in Step 2: 

ip ips config location flash:<directory name>  

training#configure terminal 

training(config)#ip ips config location flash:ipsstore 

Step 4.3 Enable IPS SDEE event notification: 

ip ips notify sdee  

training(config)#ip ips notify sdee 

Содержание IOS Router

Страница 1: ... specific commands are described The Additional Commands and References section under each step provides additional information Example configurations are displayed in a box below each command The second section of the guide provides instructions and examples on advanced options for signature tuning Topics include Enable Disable Signatures Retire Unretire Signatures Change Signature Actions Prereq...

Страница 2: ...configuration Step 1 1 Download the required signature files from Cisco com to your PC Ensure that you have a valid Cisco com username and password Cisco com location http www cisco com cgi bin tablebuild pl ios v5sigup Files to download IOS Sxxx CLI pkg Latest signature package pick the signature package with largest number in xxx realm cisco pub key txt Public crypto key Additional Commands and ...

Страница 3: ...368 bytes total 6279168 bytes free To rename the directory name use the Rename Directory Command example or the combination of the Remove Directory Command and Create Directory Command at the router prompt Rename the directory Rename Directory Command rename current name new name training rename ipsstore ips Destination filename ips OR First remove the directory Remove Directory Command rmdir curr...

Страница 4: ...to key pubkey chain rsa named key realm cisco pub signature key string 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16 17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128 B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E 5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 94790...

Страница 5: ...at the key is removed from the configuration using the following command at the router prompt show run Configure the key again by following Steps 3 1 through 3 5 4 Enabling Cisco IOS IPS The fourth step is to configure Cisco IOS IPS using the following sequence of steps Step 4 1 Create a rule name this will be used on an interface to enable IPS ip ips name rule name training configure terminal tra...

Страница 6: ...s rule name in out training config interface vlan 1 training config if ip ips myips in training config if exit training config exit training Additional Commands and References Cisco IOS IPS Configuration Guide http www cisco com en US products ps6441 products_feature_guide09186a0080747eb0 html 5 Loading Signatures to Cisco IOS IPS The last step is to load the signatures into Cisco IOS IPS In the f...

Страница 7: ... 0 Signature package version Trend SDF release version V0 0 Signature Micro Engine multi string Total Signatures 3 Enabled 3 Retired 3 Skipped Signature Micro Engine normalizer Total Signatures 9 Enabled 8 Retired 1 Compiled 8 Total Signatures 1964 Total Enabled Signatures 736 Total Retired Signatures 1625 Total Compiled Signatures 338 Total active compiled signatures Total Signatures with invalid...

Страница 8: ...ion only If you want to configure additional actions the following CLI commands are available to change the signature configurations training config ip ips signature category training config ips category category ios_ips basic training config ips category action event action deny packet inline training config ips category action event action reset tcp connection training config ips category action...

Страница 9: ...ontents of each file are described below training sigdef typedef xml A file that has all the signature parameter definitions training sigdef category xml Has all the signature category information such as category ios_ips basic and advanced training sigdef default xml Contains all the factory default signature definitions 6 Enable Disable Signatures You can use the Cisco IOS Software command line ...

Страница 10: ...441 products_feature_guide09186a0080747eb0 html 7 Retire Unretire Signatures You can use the Cisco IOS Software CLI to retire or unretire one signature or a group of signatures based on signature categories Retiring a signature means Cisco IOS IPS will not compile that signature into memory for scanning Unretiring a signature instructs Cisco IOS IPS to compile the signature into memory and use the...

Страница 11: ...s ps6441 products_feature_guide09186a0080747eb0 html 8 Change Signature Actions You can use the Cisco IOS Software CLI to change signature actions for one signature or a group of signatures based on signature categories Following are example CLI commands to change signature action to alert drop and reset for signature 6130 10 training configure terminal Enter configuration commands one per line En...

Страница 12: ...tegory training config ips category category ios_ips basic training config ips category action event action produce alert training config ips category action event action deny packet inline training config ips category action event action reset tcp connection training config ips category action exit training config ips category exit Do you want to accept these changes confirm y training config Add...

Отзывы: